
Investigate UBI-micro for Ansible, Helm and SDK base images

Open fgiloux opened this issue 1 year ago • 8 comments

Feature Request

Describe the problem you need a feature to resolve.

UBI-micro has a few advantages compared to UBI-minimal:

  • smaller attack surface
  • no package manager
  • size

In addition, it is not uncommon for image scanners to report vulnerabilities against versions of UBI-minimal. Even if they may be false positives, it still creates a burden for investigating them and makes acceptance more difficult on the user side.

Describe the solution you'd like.

This is a follow-up to https://github.com/operator-framework/operator-sdk/issues/5619

Using UBI-micro would help with the points mentioned above.

fgiloux, Jan 02 '24 18:01

@fgiloux Thanks for raising this issue. We do not have a full picture of what needs to be done to move to ubi-micro. To get started, we would just have to swap the base image, check if the tests pass and proceed with debugging the issues. This is an investigative feature.

It would be helpful if someone from the community could take this up.

varshaprasad96, Jan 08 '24 19:01

Hi @varshaprasad96, thanks for the feedback. I gave it a try, but the repo does not compile currently. It depends on helm, which has a dependency on distribution/distribution, which has a dependency on github.com/mitchellh/osext, which does not exist any more. I tried to work around it by pointing to a newer version of distribution/distribution, but there were other dependency issues and I gave up. There is, for instance, https://github.com/operator-framework/operator-sdk/issues/6569, which was raised for docker/distribution, which redirects to distribution/distribution.

fgiloux, Jan 09 '24 14:01

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot, Apr 12 '24 01:04

/remove-lifecycle stale

fgiloux, Apr 13 '24 08:04

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot, Jul 15 '24 01:07

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot, Aug 14 '24 08:08

/remove-lifecycle stale

fgiloux, Aug 20 '24 06:08

/remove-lifecycle rotten

fgiloux, Aug 20 '24 06:08